Phishers are deploying what appears to be a clever new trick to snag people’s Facebook passwords by presenting convincing replicas of single sign-on login windows on malicious sites, researchers said this week.

Single sign-on, or SSO, is a feature that allows people to use their accounts on other sites—typically Facebook, Google, LinkedIn, or Twitter—to log in to third-party websites. SSO is designed to make things easier for both end users and websites. Rather than having to create and remember a password for hundreds or even thousands of third-party sites, people can log in using the credentials for a single site. Websites that don’t want to bother creating and securing password-based authentication systems need only access an easy-to-use programming interface. Security and cryptographic mechanisms under the hood allow the login to happen without the third-party site ever seeing the username and password.

Researchers with password manager service Myki recently found a site that purported to offer SSO from Facebook. As the video below shows, the login window looked almost identical to the real Facebook SSO. This one, however, didn’t run on the Facebook API and didn’t interface with the social network in any way. Instead, it phished the username and password.

An employee working for the manufacturer of solar batteries, Sonnen GmbH, in the Bavarian village Wildpoldsried, southern Germany, is pictured on July 5, 2016. (credit: CHRISTOF STACHE/AFP/Getty Images)

On Friday, oil major Royal Dutch Shell and German energy storage company Sonnen announced that Shell would acquire Sonnen for an undisclosed amount.

Sonnen has been one of the top competitors with Tesla's Powerwall in the US home battery market. The company built its base in Germany, attaching batteries for self-consumption to homes with solar panels. Sonnen now claims 40,000 batteries installed in households in Germany, the US, and Australia.

The company's assets include proprietary software that optimizes a home's battery use in combination with solar power.

OpenAI, a non-profit research company investigating "the path to safe artificial intelligence," has developed a machine learning system called Generative Pre-trained Transformer-2 (GPT-2), capable of generating text based on brief writing prompts. The result comes so close to mimicking human writing that it could potentially be used for "deepfake" content. Built based on 40 gigabytes of text retrieved from sources on the Internet (including "all outbound links from Reddit, a social media platform, which received at least 3 karma"), GPT-2 generates plausible "news" stories and other text that match the style and content of a brief text prompt.

The performance of the system was so disconcerting that the researchers are releasing only a reduced version of GPT-2 based on a much smaller text corpus. In a blog post on the project and this decision, researchers Alec Radford, Jeffrey Wu, Rewon Child, David Luan, Dario Amodei, and Ilya Sutskever wrote:

Due to concerns about large language models being used to generate deceptive, biased, or abusive language at scale, we are only releasing a much smaller version of GPT-2 along with sampling code. We are not releasing the dataset, training code, or GPT-2 model weights. Nearly a year ago we wrote in the OpenAI Charter: “we expect that safety and security concerns will reduce our traditional publishing in the future, while increasing the importance of sharing safety, policy, and standards research,” and we see this current work as potentially representing the early beginnings of such concerns, which we expect may grow over time. This decision, as well as our discussion of it, is an experiment: while we are not sure that it is the right decision today, we believe that the AI community will eventually need to tackle the issue of publication norms in a thoughtful way in certain research areas.

OpenAI is funded by contributions from a group of technology executives and investors connected to what some have referred to as the PayPal "mafia"—Elon Musk, Peter Thiel, Jessica Livingston, and Sam Altman of YCombinator, former PayPal COO and LinkedIn co-founder Reid Hoffman, and former Stripe Chief Technology Officer Greg Brockman. Brockman now serves as OpenAI's CTO. Musk has repeatedly warned of the potential existential dangers posed by AI, and OpenAI is focused on trying to shape the future of artificial intelligence technology—ideally moving it away from potentially harmful applications.

With five measles outbreaks ongoing in the US, lawmakers are questioning both health officials and tech giants on their efforts to combat the noxious anti-vaccine misinformation fueling the spread of disease.

Last week, Lamar Alexander (R-Tenn.), chairman of the Senate health committee, along with ranking member Patty Murray (D-Wash.) sent a letter to the Centers for Disease Control and Prevention and Health and Human Services. The lawmakers asked what health officials were doing to fight misinformation and help states dealing with outbreaks. “Many factors contribute to vaccine hesitancy, all of which demand attention from CDC and [HHS’ National Vaccine Program Office],” the lawmakers wrote. On Thursday, February 14, the committee announced that it will hold a hearing on the subject on March 5.

Also Thursday, Rep. Adam Schiff (D-Calif.) sent letters to Google CEO Sundar Pichai and Facebook CEO Mark Zuckerberg. In them, Schiff expressed concern over the outbreaks as well as the tech companies’ role in enabling the dissemination of medically inaccurate information.

“You just have to believe!” is the kind of trite line you’d expect in a kids’ movie about a magic talking dog. But it seems the phrase doubles as important advice for college professors. That’s the upshot of a huge study at Indiana University, led by Elizabeth Canning, where researchers measured the attitudes of instructors and the grades their students earned in classes.

Mind the gap

One of the disappointing problems in higher education is the frequent existence of an “achievement gap” between underrepresented minorities and other students. It seems to be the result of various obstacles that students face along the way, from stereotypes about which groups are naturally skilled in which fields, to cultural differences that make some students hesitant to seek help in a class, to a lack of advantages in primary and secondary education. A lot of things can get in the way.

So these scenarios don’t have to take the ugly form of a racist teacher outright telling a student they aren’t welcome. Many issues are unintentional and subtle. If a student has the perception, for any reason, that they aren’t expected to succeed, that can drain enough motivation to ensure that they don’t.

Facebook may have to pay a multi-billion dollar fine for violating its users' privacy—or face a lawsuit from the Federal Trade Commission.

The FTC has been investigating Facebook and is negotiating with the company "over a multi-billion dollar fine that would settle the agency's investigation," The Washington Post reported yesterday, citing "people familiar with the probe." New York Times sources also confirmed that the current negotiations "could amount to a record, multibillion-dollar fine."

The investigation focuses on whether Facebook violated the terms of a 2011 settlement with the FTC. In the 2011 case, the FTC said that Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public."

The Soyuz MS-10 spacecraft is seen in this false-color infrared image as it launched with Expedition 57 Flight Engineer Nick Hague of NASA and Flight Engineer Alexey Ovchinin of Roscosmos, on Thursday, October 11, 2018. (credit: NASA)

While NASA's commercial crew program continues to demonstrate progress—the first test flight of SpaceX's Crew Dragon may occur as soon as March 2—there are no guarantees the vehicles will be ready for operational flights to the International Space Station by early 2020.

NASA's last contracted flight with Russia is for a mission set to launch in July. The Soyuz MS-13 vehicle will carry cosmonaut Aleksandr Skvortsov, NASA astronaut Andrew Morgan, and Italian astronaut Luca Parmitano for a six- or seven-month stay on the International Space Station. After this, NASA would be at risk of having no more of its people on the orbiting laboratory.

The agency's Aerospace Safety Advisory Panel warned the agency last year that due to potential delays in the commercial crew program, NASA should look into buying more Soyuz seats from Russia. "Senior NASA leadership should work with the Administration and the Congress to guarantee continuing access to ISS for US crew members until such time that US capability to deliver crew to ISS is established," the safety panel recommended.

Customers using Windows Update for Business will lose some ability to delay the deployment of each new Windows feature release once version 1903 goes live.

When Microsoft first started delivering Windows 10 "as a Service" with a regular flow of feature updates, the company planned to have two release tracks: a "Current Branch" (CB) that was consumer-oriented and "Current Branch for Business" (CBB) aimed at enterprises. The CBB track would trail the CB one by a few months, with consumers acting as guinea pigs to iron out bugs before the quality of each release was deemed good enough for corporate customers.

That naming, though not the underlying concept, was changed in 2017 when Microsoft formalized the Windows 10 release schedule and settled on two feature updates per year, one in April and the other in October. The CB track became the "Semi-Annual Channel (Targeted)" (SAC-T), and when this was proven in the real world, it would be pushed to the "Semi-Annual Channel" (SAC), the replacement for CBB. Pro and Enterprise versions of Windows could be set to follow one track or the other, depending on how aggressively an organization wanted to adopt the feature updates. Machines that were set to SAC would automatically wait a few months after each SAC-T release, waiting for the SAC-T version to be blessed as SAC. Typically the gap has been about three months, even for the troubled version 1809 release.

Jason Momoa hit the big time with his portrayal of Khal Drogo in HBO's Game of Thrones and had a global box office smash hit with Aquaman. Now he's set to play Duncan Idaho in a new film adaptation of Dune. (credit: HBO)

Deadline Hollywood reports that Aquaman star Jason Momoa—who immortalized Dothraki warlord Khal Drogo in the first season of Game of Thrones—is in negotiations to portray another science-fiction warrior, Duncan Idaho from Dune, Frank Herbert's beloved 1965 science fiction novel. Directed by Denis Villeneuve, this new film adaptation is expected to begin shooting this year.

(Mild spoilers for original novel below.)

Dune is set in the distant future (where else?), and follows the fortunes of various noble houses in what amounts to a feudal interstellar society. Much of the action takes place on the planet Arrakis, where the economy is driven largely by a rare life-extending drug called melange ("the spice") that also conveys a kind of prescience. There's faster-than-light space travel, a prophecy concerning a messianic figure, giant sandworms, and lots of battles, as protagonist Paul Atreides (a duke's son) strives to defeat the forces of Shaddam IV, Emperor of the known universe.

Of the millions of copies of Super Mario Bros. ever sold, this is the rarest and most valuable known to exist. (credit: Wata Games)

A sealed copy of Super Mario Bros. for the NES has sold for $100,150, setting a new record for the video game-collecting market and perhaps ushering in a new era for the valuation of gaming rarities.

Before you go searching to see if that old cartridge in your attic might be your gateway to riches, note that this copy of the game is so valuable primarily because it’s one of the earliest known copies of the game, and in near-perfect condition. The box in question comes from Nintendo's extremely limited "test market launch" for the NES in New York City and Los Angeles starting in late 1985 (no one actually knows the exact date). These copies didn't come in the usual shrink wrap but were instead sealed with a small matte or glossy sticker (this handy guide outlines the many different Super Mario Bros. box variants released between 1985 and 1994).

Deniz Kahn—CEO and cofounder of game-grading service Wata Games, which evaluated this specimen—estimates that only 2,000 to 10,000 copies of each of the 27 test market games were ever made in this sticker-sealed style. That makes finding even an opened box decades later rare enough. Finding one with the sticker seal intact is even rarer; Kahn estimates only a few dozen exist across the whole test-market line.

Samsung's tablets have a lot going for them as enlarged Android devices, but the models really worth considering are quite expensive. Samsung announced the new Galaxy Tab S5e today, a mid-range tablet that the company is hoping will capture people's attention with select premium features and a more accessible $399 price tag.

The high-end nature of the Tab S5e comes in its design. The all-metal unibody is the thinnest and lightest of any Samsung tablet, weighing about 14 ounces and measuring 5.5mm thick. Samsung didn't skimp too much on the display, either, sticking a 10.5-inch, 2560×1600 AMOLED panel with a 16:10 aspect ratio on the tablet. It's also the first Samsung tablet with Bixby built in, allowing users to call on the voice assistant to answer questions, control connected SmartThings devices, and more.

Samsung highlights the multitasking capabilities of the tablet, including a new continuity feature and Dex support. The former lets users make and receive calls and texts from the tablet (it will be available in Wi-Fi and LTE versions) while the latter is Samsung's experimental desktop version of Android. Users can connect a keyboard, mouse, and even an external monitor to the tablet and use Dex to expand Android into a desktop-like software that makes it easier to do many things at once.

Hmm, those don't seem to be the same thing. (credit: Google Maps)

Last week, it appeared that Defense Distributed's battle against the State of New Jersey over a recently enacted "ghost gun" law had new life. This week, a filing from the New Jersey Attorney General's Office puts one of the new lawsuit's inciting incidents into question.

In a February 12 letter (PDF) to District of New Jersey Judge Anne Thompson, NJ Assistant AG Glenn J. Moramarco writes that a recent takedown notice submitted to Cloudflare and aimed at the website CodeIsFreeSpeech was faked.

"A key document supporting Plaintiff's TRO application—a 'takedown notice' purportedly sent by [New Jersey AG's Division of Criminal Justice] to CloudFlare, Inc., which hosts one of the plaintiff's websites, CodeIsFreeSpeech.com—was not in fact issued by DCJ," the NJ AG's office writes in the filing. "[It] appears to have been issued by some entity impersonating the Attorney General's Office."

Welcome to Edition 1.36 of the Rocket Report! Lots of news this week on smaller rockets and the spaceports around the world that aspire to launch them. There's also an interesting report that may explain, at least in part, why recent Iranian attempts to launch rockets have ended in failure. And so much more...

As always, we welcome reader submissions. Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Firefly targeting late 2019 launch. As part of a feature, Ars explores the factors that led to the dissolution of Firefly in 2016 and the investments by Max Polyakov that brought the company back in 2017. The company's first attempt at its Alpha rocket strove for idealism (with aspects such as an aerospike engine design) that might ultimately have cut costs but required more time and development funds to realize. Eventually, both of those resources ran out.

The bundle retails for $299.99, the Switch’s standard going rate, with the $35 credit available in the form of a download code packed with the console. Nintendo says the credit can be put toward any purchase in the eShop. The company has not provided a specific time frame for the new promotion, only saying that the bundle will be available while supplies last.

This isn’t the absolute best deal we’ve seen for the Switch—a handful of coupon codes and one-off promotions have dropped it as low as $225 in the past year. But those deals have typically been brief, and getting what effectively amounts to a $35 discount is still a pleasant bonus for those who have been interested in picking up the console. For reference, Nintendo’s primary Switch deal for Black Friday was simply bundling Mario Kart 8 Deluxe with the device.